I propose the following:
3.x Originating Domain Identity (ODID)
The ODID is the domain part of the From: address. This identity
MAY be considered as an output communicated to an advanced
Identity Assessor module.
I don't like making up a new name for what we already have. I'd
rather just call it "the domain part of the 'From' address."
There's also the issue, in defining this, that there may be multiple
"From" addresses with different domain parts. In a case like this:
From: Paul Simon <paul@example.com>,
 Art Garfunkel <garf@example.net>
...which domain do we use?
3.9. Output Requirements
For each signature that verifies successfully or produces a TEMPFAIL
result, the output of a DKIM verifier module MUST include the set of:
o The domain name, taken from the "d=" signature tag; and
o The result of the verification attempt for that signature.
| Optional output are:
| o The Agent or User Identity (AUID) taken from "i=", if any.
| o The Originating Domain Identity (ODID). Verifier output
| MAY consider ODID when no signatures or invalid signatures
| are found.
The output MAY include other signature properties or result meta-
data, including PERMFAILed or otherwise ignored signatures, for use
by modules that consume those results.
I find this Mostly Harmless, but unnecessary. As others have said,
it's clear that identity assessors can use any information they like,
and the contents of the RFC5322 From are included in that. I don't
object to pointing out items that we think might be particularly
useful, but I don't think we should be calling it "output" of the
signature verifier. And, really, advice about the identity assessor
should mostly be in the deployment document, not in the protocol
In other words, as a participant, I prefer not to add this, but I
wouldn't fight strongly against it.
Barry, as participant
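
The multiple-mailbox case raised in the message above, as an added example that is not part of the original thread: it collects every domain part in a From: field alongside each signature's "d=" and "i=" tags, and performs no signature verification. The sample message, its tag values and the function names are constructed for illustration.

```python
from email import message_from_string
from email.policy import default

# Constructed sample: the two-mailbox From: field from the message above,
# folded over two lines, plus a DKIM-Signature with placeholder bh=/b= values.
SAMPLE = (
    "From: Paul Simon <paul@example.com>,\n"
    " Art Garfunkel <garf@example.net>\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel;\n"
    " i=@example.com; h=from; bh=AAAA; b=BBBB\n"
    "Subject: test\n"
    "\n"
    "body\n"
)

def parse(raw):
    return message_from_string(raw, policy=default)

def from_domains(msg):
    """Distinct domain parts of every mailbox in From:, in order of appearance."""
    seen = []
    for hdr in msg.get_all("From", []):
        for addr in hdr.addresses:
            dom = addr.domain.lower()
            if dom and dom not in seen:
                seen.append(dom)
    return seen

def signature_tags(msg):
    """Split each DKIM-Signature tag-list into a dict (parsing only)."""
    result = []
    for hdr in msg.get_all("DKIM-Signature", []):
        tags = {}
        for item in str(hdr).split(";"):
            name, sep, value = item.partition("=")  # values may contain '='
            if sep:
                tags[name.strip()] = "".join(value.split())  # drop folding whitespace
        result.append(tags)
    return result

def assessor_inputs(msg):
    """What an assessor could read from the headers; no single domain is guessed."""
    doms = from_domains(msg)
    return {
        "from_domains": doms,
        "single_from_domain": doms[0] if len(doms) == 1 else None,
        "signatures": [{"d": t.get("d"), "i": t.get("i")} for t in signature_tags(msg)],
    }
```
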